Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f4/512313-afcd-4e9a-bb70-71005f7f02a8/1/WmB9UtjUjjVx7xr51T-GmgdKEKA.roa
File:                     WmB9UtjUjjVx7xr51T-GmgdKEKA.roa (raw, json)
Hash identifier:          D3uiVkDTLKFcQCkiwzGaEl7WvbAfLwc1z5BcyuQj/RA=
Subject key identifier:   5A:60:7D:52:D8:D4:8E:35:71:EF:1A:F9:D5:3F:86:9A:07:4A:10:A0
Certificate issuer:       /CN=98690af062ea9b3ae5f64cf9a9fea56324c6bd97
Certificate serial:       018CC87037A2A20A6FCF227A156BCA3676AF
Authority key identifier: 98:69:0A:F0:62:EA:9B:3A:E5:F6:4C:F9:A9:FE:A5:63:24:C6:BD:97
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mGkK8GLqmzrl9kz5qf6lYyTGvZc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f4/512313-afcd-4e9a-bb70-71005f7f02a8/1/WmB9UtjUjjVx7xr51T-GmgdKEKA.roa
Signing time:             Tue 02 Jan 2024 04:30:46 +0000
ROA not before:           Tue 02 Jan 2024 04:30:46 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60576
IP address blocks:        185.74.12.0/22 maxlen: 24
                          2a05:4840::/29 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f4/512313-afcd-4e9a-bb70-71005f7f02a8/1/mGkK8GLqmzrl9kz5qf6lYyTGvZc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f4/512313-afcd-4e9a-bb70-71005f7f02a8/1/mGkK8GLqmzrl9kz5qf6lYyTGvZc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mGkK8GLqmzrl9kz5qf6lYyTGvZc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 07:00:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:70:37:a2:a2:0a:6f:cf:22:7a:15:6b:ca:36:76:af
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=98690af062ea9b3ae5f64cf9a9fea56324c6bd97
        Validity
            Not Before: Jan  2 04:30:46 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5a607d52d8d48e3571ef1af9d53f869a074a10a0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:58:f7:9e:7c:62:63:b3:cf:40:3d:6a:91:bc:
                    26:57:ed:2d:31:4d:a9:1f:3c:b6:0f:84:f9:4c:d2:
                    73:9e:8b:ad:65:5b:5e:1b:3a:70:20:34:05:09:23:
                    cd:fe:4b:aa:2e:42:d5:e4:10:ad:75:2c:e5:b3:d2:
                    96:ea:53:0d:74:db:b2:09:1c:a9:73:c0:03:c8:d0:
                    55:78:95:02:b6:87:eb:95:b5:fb:d6:28:c1:45:ae:
                    9c:e2:85:05:99:22:f3:f1:06:0e:b3:6b:aa:f5:81:
                    da:5e:c5:ff:8f:87:67:6f:82:86:a6:c7:fa:70:3c:
                    34:60:61:19:40:92:13:90:d6:90:c0:c3:f5:93:e6:
                    c6:08:68:60:f2:23:44:23:fb:56:19:79:7b:9a:4a:
                    a6:81:d3:92:da:d9:c4:5d:fc:02:95:ac:6a:54:1e:
                    1e:58:f1:6b:cb:e1:e3:2b:04:02:8d:ea:20:0d:f5:
                    07:63:7b:0e:f6:94:c3:7f:b0:c3:cb:df:5f:16:12:
                    a5:f4:6d:7c:c0:d3:0d:c4:4d:30:10:e9:a0:41:6d:
                    6b:f9:4e:0a:87:d3:cc:e3:17:66:ae:4b:aa:df:dd:
                    11:62:6f:8e:79:6e:b0:95:79:bd:b0:2c:2a:d0:cc:
                    d7:65:c6:af:05:55:c9:6a:22:e6:dc:fd:83:2e:91:
                    4b:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5A:60:7D:52:D8:D4:8E:35:71:EF:1A:F9:D5:3F:86:9A:07:4A:10:A0
            X509v3 Authority Key Identifier:
                keyid:98:69:0A:F0:62:EA:9B:3A:E5:F6:4C:F9:A9:FE:A5:63:24:C6:BD:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mGkK8GLqmzrl9kz5qf6lYyTGvZc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f4/512313-afcd-4e9a-bb70-71005f7f02a8/1/WmB9UtjUjjVx7xr51T-GmgdKEKA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f4/512313-afcd-4e9a-bb70-71005f7f02a8/1/mGkK8GLqmzrl9kz5qf6lYyTGvZc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.74.12.0/22
                IPv6:
                  2a05:4840::/29

    Signature Algorithm: sha256WithRSAEncryption
         60:ad:c0:e5:74:78:2b:af:6b:e4:00:30:3d:18:6d:e9:31:18:
         ae:61:cd:2f:99:22:68:15:30:7b:ca:e9:65:28:24:f6:68:7c:
         87:65:0b:f1:32:7c:a0:0c:1d:4b:7e:9d:7f:fb:04:b5:33:6b:
         4d:48:e9:8b:f3:03:29:d6:22:36:c4:b0:c5:08:52:9c:cb:df:
         ca:2e:78:5d:ee:5a:d0:e5:8b:56:e4:24:08:e7:3c:0e:e7:24:
         e5:a0:c2:28:62:c4:50:ec:48:6b:1c:a9:58:89:c3:ce:35:3b:
         06:92:13:30:12:1e:3a:24:25:65:40:e8:44:31:cc:9c:b9:c6:
         62:7c:73:ac:9c:ef:aa:55:d3:c7:7a:fe:6e:97:b0:10:d9:c6:
         a6:91:9b:65:52:f3:16:b4:4c:71:1f:24:18:24:2a:c9:54:9b:
         ad:c8:b7:88:b9:a3:ac:95:b6:d2:ef:3d:75:f7:96:6e:ca:55:
         2f:07:03:6f:ba:e4:12:65:cc:a5:a0:d2:30:58:1c:4a:36:2b:
         52:66:37:bd:77:8f:a8:1e:3d:ac:f2:4f:a6:0b:ff:fd:35:85:
         c5:dc:fe:aa:59:89:af:0a:59:34:61:f6:e1:d6:88:eb:e1:52:
         df:09:12:d3:37:5d:94:10:14:6d:c4:bb:d9:bb:a7:b1:98:af:
         89:62:f6:e8
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzIcDeiogpvzyJ6FWvKNnavMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk4NjkwYWYwNjJlYTliM2FlNWY2NGNmOWE5ZmVhNTYzMjRj
NmJkOTcwHhcNMjQwMTAyMDQzMDQ2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YTYwN2Q1MmQ4ZDQ4ZTM1NzFlZjFhZjlkNTNmODY5YTA3NGExMGEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoVj3nnxiY7PPQD1qkbwmV+0tMU2p
Hzy2D4T5TNJznoutZVteGzpwIDQFCSPN/kuqLkLV5BCtdSzls9KW6lMNdNuyCRyp
c8ADyNBVeJUCtofrlbX71ijBRa6c4oUFmSLz8QYOs2uq9YHaXsX/j4dnb4KGpsf6
cDw0YGEZQJITkNaQwMP1k+bGCGhg8iNEI/tWGXl7mkqmgdOS2tnEXfwClaxqVB4e
WPFry+HjKwQCjeogDfUHY3sO9pTDf7DDy99fFhKl9G18wNMNxE0wEOmgQW1r+U4K
h9PM4xdmrkuq390RYm+OeW6wlXm9sCwq0MzXZcavBVXJaiLm3P2DLpFL8wIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFFpgfVLY1I41ce8a+dU/hpoHShCgMB8GA1UdIwQY
MBaAFJhpCvBi6ps65fZM+an+pWMkxr2XMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbUdrSzhHTHFtenJsOWt6NXFmNmxZeVRHdlpjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNC81MTIzMTMtYWZjZC00ZTlhLWJiNzAt
NzEwMDVmN2YwMmE4LzEvV21COVV0alVqalZ4N3hyNTFULUdtZ2RLRUtBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNC81MTIzMTMtYWZjZC00ZTlhLWJiNzAtNzEwMDVmN2YwMmE4
LzEvbUdrSzhHTHFtenJsOWt6NXFmNmxZeVRHdlpjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuUoMMA0E
AgACMAcDBQMqBUhAMA0GCSqGSIb3DQEBCwUAA4IBAQBgrcDldHgrr2vkADA9GG3p
MRiuYc0vmSJoFTB7yullKCT2aHyHZQvxMnygDB1Lfp1/+wS1M2tNSOmL8wMp1iI2
xLDFCFKcy9/KLnhd7lrQ5YtW5CQI5zwO5yTloMIoYsRQ7EhrHKlYicPONTsGkhMw
Eh46JCVlQOhEMcycucZifHOsnO+qVdPHev5ul7AQ2camkZtlUvMWtExxHyQYJCrJ
VJutyLeIuaOslbbS7z1195ZuylUvBwNvuuQSZcyloNIwWBxKNitSZje9d4+oHj2s
8k+mC//9NYXF3P6qWYmvClk0Yfbh1ojr4VLfCRLTN12UEBRtxLvZu6exmK+JYvbo
-----END CERTIFICATE-----